[PATCH net] flow_dissector: do not dissect l4 ports for fragments

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH net] flow_dissector: do not dissect l4 ports for fragments
@ 2018-11-10  0:53 Eric Dumazet
  2018-11-10  4:02 ` David Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Eric Dumazet @ 2018-11-10  0:53 UTC (permalink / raw)
  To: David S . Miller
  Cc: netdev, Eric Dumazet, Eric Dumazet, 배석진

From: 배석진 <soukjin.bae@samsung.com>

Only first fragment has the sport/dport information,
not the following ones.

If we want consistent hash for all fragments, we need to
ignore ports even for first fragment.

This bug is visible for IPv6 traffic, if incoming fragments
do not have a flow label, since skb_get_hash() will give
different results for first fragment and following ones.

It is also visible if any routing rule wants dissection
and sport or dport.

See commit 5e5d6fed3741 ("ipv6: route: dissect flow
in input path if fib rules need it") for details.

[edumazet] rewrote the changelog completely.

Fixes: 06635a35d13d ("flow_dissect: use programable dissector in skb_flow_dissect and friends")
Signed-off-by: 배석진 <soukjin.bae@samsung.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
---
 net/core/flow_dissector.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 676f3ad629f95625422aa55f0f54157001ac477c..588f475019d47c9d6bae8883acebab48aaf63b48 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -1166,8 +1166,8 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
 		break;
 	}
 
-	if (dissector_uses_key(flow_dissector,
-			       FLOW_DISSECTOR_KEY_PORTS)) {
+	if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_PORTS) &&
+	    !(key_control->flags & FLOW_DIS_IS_FRAGMENT)) {
 		key_ports = skb_flow_dissector_target(flow_dissector,
 						      FLOW_DISSECTOR_KEY_PORTS,
 						      target_container);
-- 
2.19.1.930.g4563a0d9d0-goog

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH net] flow_dissector: do not dissect l4 ports for fragments
  2018-11-10  0:53 [PATCH net] flow_dissector: do not dissect l4 ports for fragments Eric Dumazet
@ 2018-11-10  4:02 ` David Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2018-11-10  4:02 UTC (permalink / raw)
  To: edumazet; +Cc: netdev, eric.dumazet, soukjin.bae

From: Eric Dumazet <edumazet@google.com>
Date: Fri,  9 Nov 2018 16:53:06 -0800

> From: 배석진 <soukjin.bae@samsung.com>
> 
> Only first fragment has the sport/dport information,
> not the following ones.
> 
> If we want consistent hash for all fragments, we need to
> ignore ports even for first fragment.
> 
> This bug is visible for IPv6 traffic, if incoming fragments
> do not have a flow label, since skb_get_hash() will give
> different results for first fragment and following ones.
> 
> It is also visible if any routing rule wants dissection
> and sport or dport.
> 
> See commit 5e5d6fed3741 ("ipv6: route: dissect flow
> in input path if fib rules need it") for details.
> 
> [edumazet] rewrote the changelog completely.
> 
> Fixes: 06635a35d13d ("flow_dissect: use programable dissector in skb_flow_dissect and friends")
> Signed-off-by: 배석진 <soukjin.bae@samsung.com>
> Signed-off-by: Eric Dumazet <edumazet@google.com>

Applied and queued up for -stable.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2018-11-10 16:14 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-11-10  0:53 [PATCH net] flow_dissector: do not dissect l4 ports for fragments Eric Dumazet
2018-11-10  4:02 ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).